Provided by: dnssec-tools_2.2-2_all bug


       donutsd - Run the donuts syntax checker periodically and report the results to an


         donutsd [-z FREQ] [-t TMPDIR] [-f FROM] [-s SMTPSERVER] [-a DONUTSARGS]
                 [-x] [-v] [-i zonelistfile] [ZONEFILE ZONENAME ZONECONTACT]


       donutsd runs donuts on a set of zone files every so often (the frequency is specified by
       the -z flag which defaults to 24 hours) and watches for changes in the results.  These
       changes may be due to the time-sensitive nature of DNSSEC-related records (e.g., RRSIG
       validity periods) or because parent/child relationships have changed.  If any changes have
       occurred in the output since the last run of donuts on a particular zone file, the results
       are emailed to the specified zone administrator's email address.


       -v  Turns on more verbose output.

       -o  Run once and quit, as opposed to sleeping or re-running forever.

       -a ARGUMENTS
           Specifies command line arguments to be passed to donuts executions.

       -z TIME
           Sleeps TIME seconds between calls to donuts.  The DNSSEC-Tools timetrans program can
           be used to convert from large time units (e.g., weeks and days) to seconds.

       -e ADDRESS
           Mail ADDRESS with a summary of the results from all the files.  These are the last few
           lines of the donuts output for each zone that details the number of errors found.

       -s SMTPSERVER
           When sending mail, send it to the SMTPSERVER specified.  The default is localhost.

       -f FROMADDR
           When sending mail, use FROMADDR for the From: address.

       -x  Send the diff output in the email message as well as the donuts output.

       -t TMPDIR
           Store temporary files in TMPDIR.

       -i INPUTZONES
           See the next section details.


       The rest of the arguments to donutsd should be triplets of the following information:

           The zone file to examine.

           The zonename that file is supposed to be defining.

           An email address of the zone administrator (or a comma-separated list of addresses.)
           The results will be sent to this email address.

       Additionally, instead of listing all the zones you wish to monitor on the command line,
       you can use the -i flag which specifies a file to be read listing the TRIPLES instead.
       Each line in this file should contain one triple with white-space separating the



       For even more control, you can specify an XML file (whose name must end in .xml) that
       describes the same information.  This also allows for per-zone customization of the donuts
       arguments.  The XML::Smart Perl module must be installed in order to use this feature.

             <!-- this is not a signed zone therefore we'll
                  add these args so we don't display DNSSEC errors -->
             <donutsargs>-i DNSSEC</donutsargs>

       The donutsd tree may also contain a configs section where command-line flags can be

          <config><flag>a</flag><value>--features live --level 8</value></config>

       Real command line flags will be used in preference to those specified in the .xml file,


         donutsd -a "--features live --level 8" -f \


       Copyright 2005-2013 SPARTA, Inc.  All rights reserved.  See the COPYING file included with
       the DNSSEC-Tools package for details.


       Wes Hardaker <>